Путеводитель по Руководству Linux
  User  |  Syst  |  Libr  |  Device  |  Files  |  Other  |  Admin  |  Head  |


   pam_wheel    ( 8 )

разрешить root-доступ только членам группы wheel (Only permit root access to members of group wheel)

Имя (Name)

pam_wheel - Only permit root access to members of group wheel

Синопсис (Synopsis)

pam_wheel.so [debug] [deny] [group=name] [root_only] [trust] [use_uid]

Описание (Description)

The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant user is a member of the wheel group. If no group with this name exist, the module is using the group with the group-ID 0.

Параметры (Options)

debug
           Print debug information.


       deny
           Reverse the sense of the auth operation: if the user is
           trying to get UID 0 access and is a member of the wheel group
           (or the group of the group option), deny access. Conversely,
           if the user is not in the group, return PAM_IGNORE (unless
           trust was also specified, in which case we return
           PAM_SUCCESS).


       group=name
           Instead of checking the wheel or GID 0 groups, use the name
           group to perform the authentication.


       root_only
           The check for wheel membership is done only when the target
           user UID is 0.


       trust
           The pam_wheel module will return PAM_SUCCESS instead of
           PAM_IGNORE if the user is a member of the wheel group (thus
           with a little play stacking the modules the wheel members may
           be able to su to root without being prompted for a passwd).


       use_uid
           The check for wheel membership will be done against the
           current uid instead of the original one (useful when jumping
           with su from one account to another for example).

Предоставляемые типы модулей (Module types provided)

The auth and account module types are provided.

Возвращаемое значение (Return value)

PAM_AUTH_ERR Authentication failure.

PAM_BUF_ERR Memory buffer error.

PAM_IGNORE The return value should be ignored by PAM dispatch.

PAM_PERM_DENY Permission denied.

PAM_SERVICE_ERR Cannot determine the user name.

PAM_SUCCESS Success.

PAM_USER_UNKNOWN User not known.

Примеры (Examples)

The root account gains access by default (rootok), only wheel
       members can become root (wheel) but Unix authenticate non-root
       applicants.


           su      auth     sufficient     pam_rootok.so
           su      auth     required       pam_wheel.so
           su      auth     required       pam_unix.so

Смотри также (See also)

pam.conf(5), pam.d(5), pam(8)